exploitDog

GHSA-rv49-vc49-4rpp

Опубликовано: 27 апр. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system.

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system.

Ссылки

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-28449

CVSS3: 6.1

nvd

почти 4 года назад

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system.

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79